After a quick look and asking around a bit, I have a little more information on which OS's appear to be vulnerable (and not vulnerable) to this attack. SunOS 5.5 / Appears not vulnerable BSDI 2.1 / Appears not vulnerable Slackware Linux 2.0.29 / Appears not vulnerable IRIX 5.2-5.3-6.2 / Vulnerable NetBSD 1.2 / Vulnerable OpenBSD / Appears not vulnerable FreeBSD 2.2.2 / Appears not vulnerable Ultrix 4.3 / Appears vulnerable This is by no means an exhaustive list, just what I had access to test quickly (with the exception of Ultrix which was tested by someone else). For what it is worth Theo Deraadt had this fixed in OpenBSD some time ago. He also, if I heard him correctly, discovered and reported this bug to someone at SGI years ago. /**************************************************************************** Alfred Huger http://www.secnet.com/ballista Project Director ahugerat_private Secure Networks Inc. (SNI) *****************************************************************************/
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:38:31 PDT